Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2021-24618

    The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when savin... Read more

    Affected Products : donate_with_qrcode
    • EPSS Score: %0.27
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-24617

    The GamePress WordPress plugin through 1.1.0 does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues... Read more

    Affected Products : gamepress
    • EPSS Score: %0.21
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24616

    The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : addtoany_share_buttons
    • EPSS Score: %0.21
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24615

    The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks.... Read more

    Affected Products : wechat_reward
    • EPSS Score: %0.10
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24614

    The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability i... Read more

    Affected Products : book_appointment_online
    • EPSS Score: %0.21
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24613

    The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disa... Read more

    Affected Products : post_views_counter
    • EPSS Score: %0.21
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24612

    The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfilter... Read more

    Affected Products : sociable
    • EPSS Score: %0.21
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24611

    The Keyword Meta WordPress plugin through 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacke... Read more

    Affected Products : keyword_meta
    • EPSS Score: %0.08
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24610

    The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascri... Read more

    Affected Products : translatepress
    • EPSS Score: %1.57
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24609

    The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallo... Read more

    Affected Products : wp_mapa_politico_espana
    • EPSS Score: %0.21
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24608

    The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html ... Read more

    Affected Products : formidable_form_builder
    • EPSS Score: %0.21
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24607

    The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.... Read more

    Affected Products : storefront_footer_text
    • EPSS Score: %0.21
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-24606

    The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages... Read more

    Affected Products : availability_calendar
    • EPSS Score: %0.53
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24605

    The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 (available to authenticated user) does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue... Read more

    Affected Products : custom_post_view_generator
    • EPSS Score: %0.21
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24604

    The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even ... Read more

    Affected Products : availability_calendar
    • EPSS Score: %0.22
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24603

    The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed... Read more

    Affected Products : site_reviews
    • EPSS Score: %0.18
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-24602

    The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page... Read more

    Affected Products : hm_multiple_roles
    • EPSS Score: %0.71
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24601

    The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : wpfront_notification_bar
    • EPSS Score: %0.16
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24600

    The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : wp_dialog
    • EPSS Score: %0.22
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-24599

    The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data.... Read more

    Affected Products : email_encoder
    • EPSS Score: %0.19
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291024 Results